eMusic Spam - monday 2009-06-08 1237 last modified 2009-06-08 1237
Categories: Nerdy
TrackBacks Sent: None

In retrospect, it's easy enough to uncover that eMusic sells their user list to spammers. I've only just noticed it, oddly by way of a recent tide of totally blank emails. I used to give out a unique address for each one-off service to track who was being unethical about their contact lists and more easily shut down the influx of spam. Perhaps I'll get less lazy about restarting the practice. If it were easier to mint the address and easier to see which addresses were attracting spam, I'd do it more. Maybe I'll move on formalizing that infrastructure.

I signed up for eMusic and used them for a day because Sony was cross promoting free downloads from them with new phones. That was not worth it. You still end up paying somehow. Good bye forever, eMusic, and good riddance.


My System

My email provider (FastMail.fm) allows you to turn your email address into a domain name and then use any user name you want as the local part of the email address. e.g. joeuser@example.com can receive email sent to any *@joeuser.example.com. So when I have to enter an email address on a site I don't trust, I just use the site's domain name as the local part of the email address: 1800flowers.com@joesuer.example.com . No setup required, unless I have to send mail *from* that address, which is sometimes necessary later to unsubscribe from their list. In that case I use the trick from this hint.

I too had become lax about using this policy; after doing it for several years I found very few instances of someone selling my address to a spammer. In plenty of cases I got on a 'legitimate' mailing list I hadn't intended to sign up for, but these lists always respected unsubscribe requests.

But recently I placed an order with 1800flowers.com and started getting mail from their affiliates. Fortunately I had used a custom address so I was able to track down the source of the new mailing list subscriptions. Unfortunately they have lots of affiliates, and the unsubscribe database is not shared. So far I've unsubscribed from mailing lists of four different affiliates; we'll see how many more are yet to come.

Jesse Byler on June 16, 2009 04:44 PM

That's an intere...

That's an interesting way to approach the problem. Maybe I'll use something similar and make a catch all with a certain prefix or suffix in the username space. With the way dictionary spam attacks go, I'd be a bit concerned about the volume of spam attracted by a subdomain. But the larger point about enabling my laziness in creating those fake addresses is a good one, thanks for sharing the idea.

I don't envision ever needing to send mail from these fake addresses, rare enough that should the need arise I can just flub it with pine. As for visualizing which address the spam goes to, maybe it's time to modify my Thunderbird setup a bit. I have high hopes for the extensibility of the next version of Thunderbird.

Ryan Lee on June 21, 2009 10:55 PM

For qmail

A simple ad-hoc system is to add a dot-qmail file that covers all addresses that start with a specific prefix, like nospam-*@example.org, so any email address like nospam-emusic.com@example.org goes to the same mailbox. To cut off spam from that spammer of a company, just make a dot-qmail file nospam-emusic:com that automatically trashes it to a blackhole.

Ryan Lee on August 26, 2009 11:59 PM

You must login to leave a comment


No TrackBacks for this entry.